Author
Topic: OurMx History (Read 16683 times)

Bunch of grumps lol. Can't really complain though, I am sort of a grump myself. It's been a while. Great works take time though, it's not something that's slapped together. And for that I can wait. For me, I feel that in the end the new WinMX will be a foundation for a new internet. A spark for something bigger. Just my thoughts though. Many thanks to all those who are working the best they can. Its outside my scope as far as programming goes. I can work designs, improvements, and ease of use, but the programming itself I sadly cannot do.

I was a WinMX user before the client was closed and then stopped so I haven't really followed the things after than that.

long and loud story short; shit + fan = current state of wpn

Quote

I would like to ask one thing, why the sources of OurMx aren't available?The best way to attract developers is release the sources so anyone can write patches without being a fixed developer.

since it could be used as a DDoS tool... the network partially works (chat basically) and the devs dont want to be responsible for breaking chat and providing a script kiddie toy at the same time... ..send ghostship a pm with further questions

It's heartening to see that at least one member of the wider community comprehends the scope of whats possible abusing certain information, it surprises me that little thought is put into the many requests posted here for what amounts to a dangerous set of tools in the wrong hands.

Full marks Stripes

This wont be the case forever but until we pass the chicken and egg stage and get something we can update that's reasonably usable to take the place of the current client we have to edge forward carefully and try to add mitigational measures and continue the research required to replace the broken parts of the network architectural model, as I posted in another thread with many hands we can move mountains with few offering help we have to move ahead at a snails pace, I'm going to be here either way but we all know we could do with a few leaps and bounds manpower (or lady power too ) wise in assisting those doing the work.

Well there are two point of view:1) Open the sources could show vulnerability.2) If the sources was already opened probably the vulnerabilities was already fixed from a lot of time.

Anyone can make their choices but closed source software have usually slow development (if it is free and developers doesn't get paid).Being open source doesn't grant anything but at least open a lot of new possibilities.

and therein lies the catch22 ... the big problem is that winmx history is laden with script kiddies just being... well... their immature selves... there were tools to crash rooms and do all kinds of crazy shit before frontcode even shut down... so.. the majority of those who can code either a) want to do more harm than good or b) want no part of this crap... a falling out with a former winmx user/coder (who also started as a script kiddie) and staff member of this site has been attacking winmx with an automated server for the past... is it 5 or 6 years now?.... ive honestly forgotten...

the source to ourmx and (currently very broken) protocol specs arent being released in an effort to prevent more or worse attacks...

the circa 2002 protocol is whats really broken... think of a decentralized fork of opennap and lose the central servers ability to ban bad users...

The major issue is that there are no new developers to assist with fixing anything, src code or not so the question of just tossing what we have to the wind and hoping for miracle is not one that I care to gamble on, thats not to say a real developer cant join the ourmx team as thats the whole point of having a dev team to bring folks, skills and varying abilities together as well as enhance the community dev's focused mindset towards delivering what the folks want without over working all involved, developers are trusted folks as they have made clear commitments to do their best to the rest of the community, and that is all we ask here also, firm commitments on fixing both the network and the new protocol until we have something thats safe-ish to use and can be open sourced to work past the minimal developer issue, its purely logical to take this stance at this time, if things change of course so too will our advice, this is something for us all and if done well could outlive its originators.

I would also like you to think about the scale of the legacy client problem, unlike gnutella etc there is no client to step in and take over from the existing winmx version and that means any protocol updates will render all older clients to the dustbin, this then sets the hurdle for a replacement pretty high and thus holes, problems and bugs will of course become heavy sticks to beat any developers with, this is one of the aspects that slow the whole project down as we cant afford to mess anything up while we work to replace safely the underlying primary network protocol flaws.

the major thing many seem to forget is IF ourmx would be open sourced it will still not be replacing winmx.the danger imho is that what is left of the network will die and making ourmx a obsolete replacement

in short we have to live with the hampered but living network and wait until ourmx is ready to be ported onto the networkor we can choose to give free what sources and knowledge we have of wpn and say that was it, this will not be my choice.

The model behind Ourmx is to support the current network and facillitate alternative mechanisms and payloads to support further security enhancements, however its pretty clear at the current time that the existing protocol is insecure and thus a liability now, continuing to use the currrent client other than as a secondary connection is likley to be counterproductive, we need to build on firm foundations instead of sand and we are at a stage where we could now get experimenting with an improved model, thats the most logical way ahead if we choose to take it;

LongLostUser

White Stripes: Alright, I wasn't aware of that, but that's a good thing, and it is good to see that you guys have come to the same conclusion as me on this point. I will stand corrected on that one.

"since it could be used as a DDoS tool... the network partially works (chat basically) and the devs dont want to be responsible for breaking chat and providing a script kiddie toy at the same time..."

White stripes: I honestly don't see how it could be used as a DDoS tool any more than any existing available code can be used for that. There are already open source chat servers like mcs demonstrating how to connect as a primary which can relatively easilly be modified for destructive purposes by someone if they want to. And if there are any secondary features that you're afraid of disclosing, you still have the robomx source which already does most of the things a secondary needs to do. And it is already being used to spam rooms and such. On top of that, keep in mind that at this point, the primary TCP part of the network is already so crippled that it is beyond useless and serves no purpose. So what more could potentially go wrong?

Ghostship: I think most people have heard what you are saying about whether the source/protocol stuff should be made available or not. I've heard these things too. But keep in mind that even if revealing such info attracts a hundred, a thousand, or even tens of thousands of new attackers, you only really need ONE solution to make those attacks ineffective. By revealing more info, you have a greater chance of finding that one great mind with this one great solution. Great minds are there to solve problems. Attackers are there to put those solutions to the test. And together they are all part of developing a secure protocol.

In my previous post I mentioned that people may want to see some more openness about the project. I think you should look a bit into this to regain some trust and to get rid of the constant nagging in the forum. The way things are now, lots of people feel left out and have thousands of unanswered questions, which in the end leads to all this dissatisfaction and criticism you see in this forum. I really don't see why you need to have a lot of unhappy users here when you can try to make them happy instead. After all these users surely want to succeed with this project, I think they just feel a bit left out and overlooked. Try to do something to make those users feel more included instead of arguing with them and telling they are wrong.

For example you just mentioned that you have plans on how to enhance the security of the existing primary protocol without breaking compatibility with existing clients. I'm sure that many people are curious about your approach to the problem, and I am sure you can get some valuable feedback by sharing your ideas openly. There are many people on WinMX who understand the network pretty much completely even if they have no coding skills or don't know the exact details of the protocol format down on a "message type" / "byte-by-byte"-level. They can give you valuable feedback and point out any flaws that you may have overlooked so you don't spend lots of time on a design that turns out to not offer the protection needed after all.

I know that you may not trust me or others enough to reveal this information. But please think again for a moment.. If you are confident that your ideas are indeed secure enough, then why would you have any problems sharing those ideas? And if you for some reason aren't confident about the idea, you should ask yourself why that is, and see if you are perhaps doing something wrong. Perhaps you've thought of a flaw that you don't want anyone to notice, thereby trying making it secure by obfuscation, not by design. If so that's not really a good thing, and you're possibly going to see more trouble further down the road.

It could also be nice to see some demonstrations of the new rewritten OurMX, especially if robomx has been scrapped and you've started from scratch. You say that there is little point of releasing something at this point as most people want to see a fancy looking and working UI, and there is little to "show" at this point as most of the code is background stuff and not visible things that represent what the project will be. But that's not entirely true, as there are 2 types of people on here. What you are saying will be true for an average user like TOAD who pretty much only cares about the UI and is annoyed by popup boxes that show seemingly meaningless info. But you also have the more technically minded people like me and others who are actually interested in the code that operates behind the scenes rather than what the thing looks like. The latter understands that the popup boxes in ourmx are there trying to display valuable debugging information, and understand that it won't be a part of the finished product. I'm sure both of those user groups, and even you, will benefit from it in some way. You'll get rid of the constant nagging from curious users who are losing their hope and getting unhappy, and you'll be able to receive valuable feedback from the technically minded users. You'll have more users cheering you up to motivate you to finish this project instead of criticizing you.

Ultimately it is of course up to you to decide as it is your project. You choose where you want to go with this and what you want to do with your own piece of work. Nobody can dictate what you should do. You have to make those decisions yourself. But it is always a good idea to listen to the userbase, and keep in mind that just because someone is unhappy, it doesn't mean that their views are wrong. Even unhappy users like TOAD are trying to help you. And even if more openness about the project doesn't contribute to any progress directly, I'm sure it will make more people happy. There is no need to have a lot of unhappy users if they can somehow be made happy. It's not all about progress, it is about making people feel included, which I believe you can achieve with some more transparency and openness around the project instead of a secret group hiding in the shadows.

We are not speculating about the ability of the WPN to DDOs victims. the older hands here have all seen this undertaken in real life and know all too well of the effect it can have, I can give you names to check with if your interested in the carnage of misuse.

Whilst many options are available to the average DDOS attacker the beauty of misusing a torrent or p2p network is the sheer mass of unblockable IP ranges in usage on hundreds of ports, I am not sure why you believe that this is something not worthy of our alarm but we feel it is and I hate to keep wittering on but when coders make themselves known they will be assisted to partake in areas of interest, in some cases this is going to be drawn out if they are completely unknown to the community but we know good folks when we see them and will guide them to our next-step resources immediately.

To address the majority of the rest of your post can I simply state I have taken steps already to enjoin more folks in the battle but even that's not easy when theres few who want to help and many who want to sit idle, i state repeatedly that we as a community have the responsibility to save ourselves and whilst the good folks here and the volunteers will always do our best to deliver on our promises we form only a small fraction of the community and thus shoulder an undue measure of the workload, this should not mean we are here for anyone to whip us when they get bored, all folks have the same potential to offer their services and thus should reflect on what they deliver before turning their attentions to our efforts out of impatience.

I see there is much positivity in your post and enjoy your discussion of our troubles here but can you answer one simple question as your whole outlook seems to revolve around its validity : where will the army of new coders come from if we opened the src tomorrow ? I spend a lot of time looking at other p2p networks and projects and I can tell you right now they are all struggling as we are so whats different about this network that's going to gain there interest ?

I don't believe there are any coders out there at this time that are falling over themselves to fix up this network when theres literally hundreds of forks of other network clients they can modify to their whim and put their names on without a 100th of the effort, I mean unless you cared about the WPN would you bother ?

I don't believe there are any coders out there at this time that are falling over themselves to fix up this network when theres literally hundreds of forks of other network clients they can modify to their whim and put their names on without a 100th of the effort, I mean unless you cared about the WPN would you bother?

Well, it depends.

Personally I like to code and fix things; I rather prefer fix uncommon things that others won't do rather than common things.It depends on personality, maybe mine is uncommon

One new developer visiting here in 4 years is really the point I was trying to make, I know a lot of folks have skills and the time to spare on this network but trying to harness all that into working together to reach the beginning of our future a little faster is the real challenge, its pretty much like a nuclear pile trying to reach critical mass when half the piles not yet in place, as long as we keep building the pile up we get nearer to our goal and the users will enjoy the network as they used to with a future that is far removed and forward looking than the place we are at at this time, to reach that goal we need only keep at the task in hand and gather all and every possible assistance from all sources that want to help, that's always been the plan, as always the fly in the ointment is to keep the work flowing given the dynamic nature of a time limited development force while banging your head against a wall when a hurdle is encountered and theres no viable solutions or even those to discuss solutions with around the already small table, I will be looking to the support group folks to assist in working past these hurdles by taking over the role of priority task selection, this will be done once they have gone through the features already completed and those that require more work, we will end up with a task list and a schedule of priority and the developers will focus on those aspects rather than jumping from a to b to x to g etc as goes on atm, theres so much to do it often seems overwhelming but given more minds on the job i am sure we can save time in many areas and use that time super effectively.